From c61ad40914bd6040877cb8ee3789c76bd893f607 Mon Sep 17 00:00:00 2001 From: dianlujitao Date: Thu, 20 Feb 2020 21:35:33 +0800 Subject: sdm660-common: Address SELinux denials and clean up Change-Id: I997a268c9ce23eab80f1981293720e17d21bbb7a --- rootdir/etc/init.qcom.post_boot.sh | 20 +++++------ rootdir/etc/init.qcom.rc | 58 +++++++++++++++---------------- rootdir/etc/init.qcom.sensors.sh | 4 +-- sepolicy/vendor/app.te | 3 +- sepolicy/vendor/file.te | 2 +- sepolicy/vendor/file_contexts | 36 ++++--------------- sepolicy/vendor/genfs_contexts | 29 +++++++++++++--- sepolicy/vendor/hal_audio_default.te | 1 + sepolicy/vendor/hal_camera_default.te | 5 --- sepolicy/vendor/hal_fingerprint_sdm660.te | 42 +++++++++------------- sepolicy/vendor/hal_power_default.te | 1 + sepolicy/vendor/hwservice.te | 1 - sepolicy/vendor/hwservice_contexts | 14 ++++---- sepolicy/vendor/property_contexts | 47 ++++++++++++++++++------- sepolicy/vendor/system_server.te | 2 -- sepolicy/vendor/thermal-engine.te | 1 + sepolicy/vendor/vendor_init.te | 2 +- sepolicy/vendor/vndservice.te | 1 - sepolicy/vendor/vndservice_contexts | 1 - 19 files changed, 136 insertions(+), 134 deletions(-) create mode 100644 sepolicy/vendor/hal_audio_default.te delete mode 100644 sepolicy/vendor/hal_camera_default.te delete mode 100644 sepolicy/vendor/system_server.te delete mode 100644 sepolicy/vendor/vndservice.te delete mode 100644 sepolicy/vendor/vndservice_contexts diff --git a/rootdir/etc/init.qcom.post_boot.sh b/rootdir/etc/init.qcom.post_boot.sh index 8dd85a8..af9f424 100644 --- a/rootdir/etc/init.qcom.post_boot.sh +++ b/rootdir/etc/init.qcom.post_boot.sh 
@@ -5590,16 +5590,16 @@ if [ -f /sys/devices/soc0/select_image ]; then fi # Change console log level as per console config property -console_config=`getprop persist.console.silent.config` -case "$console_config" in - "1") - echo "Enable console config to $console_config" - echo 0 > /proc/sys/kernel/printk - ;; - *) - echo "Enable console config to $console_config" - ;; -esac +# console_config=`getprop persist.console.silent.config` +# case "$console_config" in +# "1") +# echo "Enable console config to $console_config" +# echo 0 > /proc/sys/kernel/printk +# ;; +# *) +# echo "Enable console config to $console_config" +# ;; +# esac # Parse misc partition path and set property misc_link=$(ls -l /dev/block/bootdevice/by-name/misc) diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc index 4eacd5e..fe328dd 100644 --- a/rootdir/etc/init.qcom.rc +++ b/rootdir/etc/init.qcom.rc @@ -476,12 +476,12 @@ on property:vendor.radio.atfwd.start=false stop vendor.atfwd # corefile limit -on property:persist.debug.trace=1 - mkdir /data/core 0777 root root - write /proc/sys/kernel/core_pattern "/data/core/%E.%p.%e" +#on property:persist.debug.trace=1 +# mkdir /data/core 0777 root root +# write /proc/sys/kernel/core_pattern "/data/core/%E.%p.%e" -on property:init.svc.wpa_supplicant=stopped - stop dhcpcd +#on property:init.svc.wpa_supplicant=stopped +# stop dhcpcd on property:vendor.bluetooth.dun.status=running start vendor.bt-dun @@ -489,8 +489,8 @@ on property:vendor.bluetooth.dun.status=running on property:vendor.bluetooth.dun.status=stopped stop vendor.bt-dun -on property:ro.bluetooth.ftm_enabled=true - start ftmd +#on property:ro.bluetooth.ftm_enabled=true +# start ftmd on property:vendor.bluetooth.startbtlogger=true start vendor.bt_logger 
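Review bot: The console-log-level block is disabled by turning every line into a `#` comment, with nothing saying why; the init.qcom.rc hunks do the same to their property triggers, and init.qcom.sensors.sh does it to the `chmod`/`chown` lines. Either delete the dead lines or put one line above each block, e.g. `# Disabled: <denial or reason>`, so a later merge from the vendor tree does not silently restore them. This matters most for the corefile trigger in init.qcom.rc, whose commented body still carries `mkdir /data/core 0777 root root`, a world-writable directory if it is ever re-enabled. The denial behind each change is not visible in the diff, so the wording of those comments has to come from the audit log.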
@@ -516,8 +516,8 @@ on property:vold.decrypt=trigger_restart_framework start qcom-c_main-sh start wcnss-service -on property:persist.env.fastdorm.enabled=true - setprop persist.radio.data_no_toggle 1 +#on property:persist.env.fastdorm.enabled=true +# setprop persist.radio.data_no_toggle 1 service vendor.qrtr-ns /vendor/bin/qrtr-ns -f class core @@ -581,8 +581,8 @@ service vendor.sensors.qti /vendor/bin/sensors.qti # Adjust socket buffer to enlarge TCP receive window for high bandwidth # but only if ro.data.large_tcp_window_size property is set. -on property:ro.data.large_tcp_window_size=true - write /proc/sys/net/ipv4/tcp_adv_win_scale 2 +#on property:ro.data.large_tcp_window_size=true +# write /proc/sys/net/ipv4/tcp_adv_win_scale 2 on property:sys.sysctl.tcp_adv_win_scale=* write /proc/sys/net/ipv4/tcp_adv_win_scale ${sys.sysctl.tcp_adv_win_scale} @@ -749,9 +749,9 @@ service loc_launcher /system/vendor/bin/loc_launcher user gps group gps -on property:crypto.driver.load=1 - insmod /system/lib/modules/qce.ko - insmod /system/lib/modules/qcedev.ko +#on property:crypto.driver.load=1 +# insmod /system/lib/modules/qce.ko +# insmod /system/lib/modules/qcedev.ko service drmdiag /system/vendor/bin/drmdiagapp class late_start @@ -759,11 +759,11 @@ service drmdiag /system/vendor/bin/drmdiagapp disabled oneshot -on property:drmdiag.load=1 - start drmdiag +#on property:drmdiag.load=1 +# start drmdiag -on property:drmdiag.load=0 - stop drmdiag +#on property:drmdiag.load=0 +# stop drmdiag service qcom-sh /vendor/bin/init.qcom.sh class late_start 
@@ -845,12 +845,12 @@ service ims_regmanager /system/vendor/bin/exe-ims-regmanagerprocessnative group net_bt_admin inet radio wifi disabled -on property:persist.ims.regmanager.mode=1 - start ims_regmanager +#on property:persist.ims.regmanager.mode=1 +# start ims_regmanager -on property:ro.data.large_tcp_window_size=true - # Adjust socket buffer to enlarge TCP receive window for high bandwidth (e.g. DO-RevB) - write /proc/sys/net/ipv4/tcp_adv_win_scale 2 +#on property:ro.data.large_tcp_window_size=true +# # Adjust socket buffer to enlarge TCP receive window for high bandwidth (e.g. DO-RevB) +# write /proc/sys/net/ipv4/tcp_adv_win_scale 2 service battery_monitor /system/bin/battery_monitor user system @@ -895,11 +895,11 @@ service hvdcp /system/bin/hvdcp user root disabled -on property:persist.usb.hvdcp.detect=true - start hvdcp +#on property:persist.usb.hvdcp.detect=true +# start hvdcp -on property:persist.usb.hvdcp.detect=false - stop hvdcp +#on property:persist.usb.hvdcp.detect=false +# stop hvdcp service charger_monitor /system/bin/charger_monitor user root @@ -1012,8 +1012,8 @@ service logdumpd /system/bin/logcat -b all -v threadtime -D -w /dev/block/bootde disabled # Logdumpd is enabled only for userdebug non-perf build -on property:ro.logdumpd.enabled=1 - start logdumpd +#on property:ro.logdumpd.enabled=1 +# start logdumpd service time_daemon /vendor/bin/time_daemon class main diff --git a/rootdir/etc/init.qcom.sensors.sh b/rootdir/etc/init.qcom.sensors.sh index daf7de2..978324e 100644 --- a/rootdir/etc/init.qcom.sensors.sh +++ b/rootdir/etc/init.qcom.sensors.sh @@ -32,8 +32,8 @@ start_sensors() { - chmod -h 664 /persist/sensors/sensors_settings - chown -h -R system.system /persist/sensors + # chmod -h 664 /persist/sensors/sensors_settings + # chown -h -R system.system /persist/sensors start vendor.sensors.qti # Only for SLPI diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te index a2d8aa6..511cc3f 100644 --- a/sepolicy/vendor/app.te 
+++ b/sepolicy/vendor/app.te
@@ -1,3 +1,2 @@
-# Allow appdomain to get vendor_camera_prop
-get_prop({ appdomain -isolated_app }, mlipay_prop)
 get_prop({ appdomain -isolated_app }, hal_fingerprint_prop)
+get_prop({ appdomain -isolated_app }, mlipay_prop)
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index c9eeaf7..3901f9c 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -1,5 +1,5 @@
 type debugfs_wlan, debugfs_type, fs_type;
 type ir_dev_file, file_type;
 type sysfs_touchpanel, fs_type, sysfs_type;
-type fingerprint_sysfs, fs_type, sysfs_type;
+type sysfs_fingerprint, fs_type, sysfs_type;
 type thermal_data_file, file_type, data_file_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index bc1cbb6..616afd3 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -1,50 +1,26 @@ # Biometric -/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_sdm660 u:object_r:hal_fingerprint_sdm660_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_sdm660 u:object_r:hal_fingerprint_sdm660_exec:s0 -# Fpc Fingerprint -/sys/devices/soc/soc:fpc1020(/.*)? u:object_r:fingerprint_sysfs:s0 - -# For Goodix fingerprint -/dev/goodix_fp u:object_r:fingerprint_device:s0 - -# Goodix Fingerprint data +# Fingerprint /data/gf_data(/.*)? u:object_r:fingerprintd_data_file:s0 -/data/misc/gf_data(/.*)? u:object_r:fingerprintd_data_file:s0 -/data/misc/goodix(/.*)? u:object_r:fingerprintd_data_file:s0 -/persist/data/gf* u:object_r:fingerprintd_data_file:s0 /data/vendor/fpc(/.*)? u:object_r:fingerprint_vendor_data_file:s0 /data/vendor/gf_data(/.*)? u:object_r:fingerprint_vendor_data_file:s0 /data/vendor/goodix(/.*)? u:object_r:fingerprint_vendor_data_file:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 # Firmware -/firmware u:object_r:firmware_file:s0 -/bt_firmware u:object_r:bt_firmware_file:s0 - -# Fpc Fingerprint data -/persist/fpc(/.*)? u:object_r:fingerprintd_data_file:s0 - -# HVDCP -/sys/devices(/platform)?/soc/[a-z0-9]+\.i2c/i2c-[0-9]+/[0-9]+-[a-z0-9]+/[a-z0-9]+\.i2c:qcom,[a-z0-9]+@[a-z0-9]:qcom,smb[a-z0-9]+-parallel-slave@[0-9]+/power_supply/parallel(/.*)? u:object_r:sysfs_usb_supply:s0 +/firmware u:object_r:firmware_file:s0 +/bt_firmware u:object_r:bt_firmware_file:s0 # IR /dev/lirc0 u:object_r:spidev_device:s0 /dev/spidev7.1 u:object_r:spidev_device:s0 -# Keylayout -/vendor/usr/idc(/.*)? u:object_r:vendor_keylayout_file:s0 -/vendor/usr/keylayout(/.*)? 
u:object_r:vendor_keylayout_file:s0 - # Light HAL -/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.xiaomi_sdm660 u:object_r:hal_light_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.xiaomi_sdm660 u:object_r:hal_light_default_exec:s0 # Mlipay /(vendor|system/vendor)/bin/mlipayd@1.1 u:object_r:hal_mlipay_default_exec:s0 -# Persist -/persist/PRSensorData\.txt u:object_r:sensors_persist_file:s0 - -# RTC -/sys/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0 - # Thermal /data/vendor/thermal(/.*)? u:object_r:thermal_data_file:s0 diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index d80c532..4589cfc 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts 
@@ -1,7 +1,26 @@ -genfscon sysfs /touchpanel u:object_r:sysfs_touchpanel:s0 -genfscon debugfs /wlan0 u:object_r:debugfs_wlan:s0 +# Battery +genfscon sysfs /devices/soc/c176000.i2c/i2c-2/2-001d u:object_r:sysfs_battery_supply:s0 + +# Fingerprint +genfscon sysfs /devices/soc/soc:fingerprint_fpc/device_prepare u:object_r:sysfs_fingerprint:s0 +genfscon sysfs /devices/soc/soc:fingerprint_fpc/fingerdown_wait u:object_r:sysfs_fingerprint:s0 +genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq_enable u:object_r:sysfs_fingerprint:s0 +genfscon sysfs /devices/soc/soc:fingerprint_fpc/wakeup_enable u:object_r:sysfs_fingerprint:s0 +genfscon sysfs /devices/soc/soc:fpc1020/device_prepare u:object_r:sysfs_fingerprint:s0 +genfscon sysfs /devices/soc/soc:fpc1020/fingerdown_wait u:object_r:sysfs_fingerprint:s0 +genfscon sysfs /devices/soc/soc:fpc1020/irq_enable u:object_r:sysfs_fingerprint:s0 +genfscon sysfs /devices/soc/soc:fpc1020/wakeup_enable u:object_r:sysfs_fingerprint:s0 # LED -genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight u:object_r:sysfs_graphics:s0 -genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight1 u:object_r:sysfs_graphics:s0 -genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/white u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight1 u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/white u:object_r:sysfs_graphics:s0 + +# Power +genfscon debugfs /wlan0 u:object_r:debugfs_wlan:s0 + +# RTC 
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc u:object_r:sysfs_rtc:s0 + +# Touchpanel +genfscon sysfs /touchpanel u:object_r:sysfs_touchpanel:s0 diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te new file mode 100644 index 0000000..fb3a241 --- /dev/null +++ b/sepolicy/vendor/hal_audio_default.te @@ -0,0 +1 @@ +allow hal_audio_default sysfs:dir r_dir_perms; diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te deleted file mode 100644 index 34531cb..0000000 --- a/sepolicy/vendor/hal_camera_default.te +++ /dev/null @@ -1,5 +0,0 @@ -binder_call(hal_camera_default, hal_configstore_default) -binder_call(hal_camera_default, hal_graphics_allocator_default) - -allow hal_camera_default sysfs:file { getattr open read }; -allow hal_camera_default sysfs_kgsl:file { getattr open read }; diff --git a/sepolicy/vendor/hal_fingerprint_sdm660.te b/sepolicy/vendor/hal_fingerprint_sdm660.te index 6cef299..5809cfd 100644 --- a/sepolicy/vendor/hal_fingerprint_sdm660.te +++ b/sepolicy/vendor/hal_fingerprint_sdm660.te 
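Review bot: The new rule `allow hal_audio_default sysfs:dir r_dir_perms;` is granted on the generic `sysfs` type, so the audio HAL may list every sysfs directory that carries no more specific label; thermal-engine.te gains the same rule for `thermal-engine`. If the denial came from a single node, it is tighter to label that path in genfs_contexts, as this commit already does for the fingerprint and RTC nodes, and allow on the new type. If the broad grant is kept, add a comment above it naming the directory from the denial, e.g. `# avc: denied { read } on <sysfs path>`, since the diff does not show which directory needed it.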
@@ -1,38 +1,30 @@ -type hal_fingerprint_sdm660, domain, binder_in_vendor_violators; +type hal_fingerprint_sdm660, domain; hal_server_domain(hal_fingerprint_sdm660, hal_fingerprint) - + type hal_fingerprint_sdm660_exec, exec_type, vendor_file_type, file_type; -typeattribute hal_fingerprint_sdm660 data_between_core_and_vendor_violators; -binder_use(hal_fingerprint_sdm660) init_daemon_domain(hal_fingerprint_sdm660) -allow hal_fingerprint_sdm660 fingerprint_device:chr_file { read write open ioctl }; -allow hal_fingerprint_sdm660 { tee_device uhid_device }:chr_file { read write open ioctl }; +allow hal_fingerprint_sdm660 { + fingerprint_device + tee_device + uhid_device +}:chr_file rw_file_perms; + +# TODO(b/36644492): Remove data_between_core_and_vendor_violators once +# hal_fingerprint no longer directly accesses fingerprintd_data_file. +typeattribute hal_fingerprint_sdm660 data_between_core_and_vendor_violators; +# access to /data/system/users/[0-9]+/fpdata allow hal_fingerprint_sdm660 fingerprintd_data_file:dir rw_dir_perms; allow hal_fingerprint_sdm660 fingerprintd_data_file:file create_file_perms; -allow hal_fingerprint_sdm660 { fuse mnt_user_file storage_file }:dir search; -allow hal_fingerprint_sdm660 { mnt_user_file storage_file }:lnk_file read; -allow hal_fingerprint_sdm660 fingerprint_sysfs:dir r_dir_perms; -allow hal_fingerprint_sdm660 fingerprint_sysfs:file rw_file_perms; -allow hal_fingerprint_sdm660 hal_fingerprint_sdm660:netlink_socket { create bind write read }; +allow hal_fingerprint_sdm660 sysfs_fingerprint:file rw_file_perms; -binder_call(hal_fingerprint_sdm660, vndservicemanager) -binder_call(hal_fingerprint_sdm660, hal_perf_default) +allow hal_fingerprint_sdm660 self:netlink_socket create_socket_perms_no_ioctl; -binder_use(hal_fingerprint_sdm660) +allow hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find; +binder_call(hal_fingerprint_sdm660, hal_perf_default) r_dir_file(hal_fingerprint_sdm660, firmware_file) - 
-add_service(hal_fingerprint_sdm660, goodixvnd_service) - -allow hal_fingerprint_sdm660 vndbinder_device:chr_file ioctl; - set_prop(hal_fingerprint_sdm660, hal_fingerprint_prop) -vndbinder_use(hal_fingerprint_sdm660) - -dontaudit hal_fingerprint_sdm660 { media_rw_data_file sdcardfs}:dir search; -dontaudit hal_fingerprint_sdm660 media_rw_data_file:dir { read open }; -dontaudit hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find; -dontaudit hal_fingerprint_sdm660 hal_fingerprint_hwservice:hwservice_manager add; +dontaudit hal_fingerprint_default storage_file:dir search; diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te index 6ecf0a0..d09d621 100644 --- a/sepolicy/vendor/hal_power_default.te +++ b/sepolicy/vendor/hal_power_default.te @@ -1,2 +1,3 @@ +allow hal_power_default sysfs_touchpanel:dir search; allow hal_power_default sysfs_touchpanel:file rw_file_perms; r_dir_file(hal_power_default, debugfs_wlan) diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te index 6c299d1..158b6cc 100644 --- a/sepolicy/vendor/hwservice.te +++ b/sepolicy/vendor/hwservice.te @@ -1,2 +1 @@ -type goodixhw_service, hwservice_manager_type; type hal_mlipay_hwservice, hwservice_manager_type; diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts index 1f1df2d..6ffb1fc 100644 --- a/sepolicy/vendor/hwservice_contexts +++ b/sepolicy/vendor/hwservice_contexts 
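Review bot: The last added rule names the wrong domain: `dontaudit hal_fingerprint_default storage_file:dir search;` sits in a file where every other rule is for `hal_fingerprint_sdm660`. As written, the denial from this HAL is still logged, while auditing of the same access is suppressed for `hal_fingerprint_default` if that domain is in use. It should presumably read `dontaudit hal_fingerprint_sdm660 storage_file:dir search;`. Separately, the merged `chr_file` rule replaces `{ read write open ioctl }` with `rw_file_perms` for `tee_device` and `uhid_device` as well as `fingerprint_device`, which adds permissions such as `getattr`, `append` and `lock`; keep the explicit set unless a denial asked for more.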
@@ -1,7 +1,7 @@
-vendor.goodix.hardware.fingerprint::IGoodixBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
-com.fingerprints.extension::IFingerprintEngineering u:object_r:hal_fingerprint_hwservice:s0
-com.fingerprints.extension::IFingerprintSensorTest u:object_r:hal_fingerprint_hwservice:s0
-com.fingerprints.extension::IFingerprintNavigation u:object_r:hal_fingerprint_hwservice:s0
-com.fingerprints.extension::IFingerprintCalibration u:object_r:hal_fingerprint_hwservice:s0
-com.fingerprints.extension::IFingerprintSenseTouch u:object_r:hal_fingerprint_hwservice:s0
-vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
+com.fingerprints.extension::IFingerprintCalibration u:object_r:hal_fingerprint_hwservice:s0
+com.fingerprints.extension::IFingerprintEngineering u:object_r:hal_fingerprint_hwservice:s0
+com.fingerprints.extension::IFingerprintNavigation u:object_r:hal_fingerprint_hwservice:s0
+com.fingerprints.extension::IFingerprintSenseTouch u:object_r:hal_fingerprint_hwservice:s0
+com.fingerprints.extension::IFingerprintSensorTest u:object_r:hal_fingerprint_hwservice:s0
+vendor.goodix.hardware.fingerprint::IGoodixBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
+vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index c5212b1..617ac13 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -1,12 +1,35 @@
-persist.camera. u:object_r:camera_prop:s0
-ro.boot.fpsensor u:object_r:hal_fingerprint_prop:s0
-sys.fp.goodix u:object_r:hal_fingerprint_prop:s0
-sys.fp.vendor u:object_r:hal_fingerprint_prop:s0
-persist.sys.fp.info u:object_r:hal_fingerprint_prop:s0
-persist.vendor.sys.fp.vendor u:object_r:hal_fingerprint_prop:s0
-persist.vendor.sys.pay.fido u:object_r:mlipay_prop:s0
-persist.vendor.sys.pay.ifaa u:object_r:mlipay_prop:s0
-persist.vendor.sys.pay.soter u:object_r:mlipay_prop:s0
-persist.vendor.sys.provision.status u:object_r:mlipay_prop:s0
-persist.sys.thermal. u:object_r:thermal_engine_prop:s0
-sys.thermal. u:object_r:thermal_engine_prop:s0
+# Audio
+audio.sys.noisy.broadcast.delay u:object_r:vendor_default_prop:s0
+audio.sys.offload.pstimeout.secs u:object_r:vendor_default_prop:s0
+audio_hal.in_period_size u:object_r:vendor_default_prop:s0
+audio_hal.period_multiplier u:object_r:vendor_default_prop:s0
+persist.audio.fluence.voicecomm u:object_r:vendor_default_prop:s0
+
+# Camera
+cameradaemon.SaveMemAtBoot u:object_r:vendor_default_prop:s0
+cpp.set.clock u:object_r:vendor_default_prop:s0
+disable.cpp.power.collapse u:object_r:vendor_default_prop:s0
+persist.camera. u:object_r:vendor_default_prop:s0
+
+# Fingerprint
+fpc_kpi u:object_r:vendor_default_prop:s0
+gf.debug.dump_data u:object_r:vendor_default_prop:s0
+persist.sys.fp. u:object_r:hal_fingerprint_prop:s0
+persist.vendor.sys.fp. u:object_r:hal_fingerprint_prop:s0
+ro.boot.fp. u:object_r:hal_fingerprint_prop:s0
+ro.boot.fpsensor u:object_r:hal_fingerprint_prop:s0
+sys.fp. u:object_r:hal_fingerprint_prop:s0
+
+# Media
+gpu.stats.debug.level u:object_r:vendor_default_prop:s0
+
+# Mlipay
+persist.vendor.sys.pay. u:object_r:mlipay_prop:s0
+persist.vendor.sys.provision.status u:object_r:mlipay_prop:s0
+
+# Thermal engine
+persist.sys.thermal. u:object_r:thermal_engine_prop:s0
+sys.thermal.
u:object_r:thermal_engine_prop:s0 + +# Wlan +persist.vendor.wigig.npt.enable u:object_r:vendor_default_prop:s0 diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te deleted file mode 100644 index b364128..0000000 --- a/sepolicy/vendor/system_server.te +++ /dev/null @@ -1,2 +0,0 @@ -allow system_server vendor_keylayout_file:dir search; -allow system_server vendor_keylayout_file:file r_file_perms; diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te index 0e03308..f6f5331 100644 --- a/sepolicy/vendor/thermal-engine.te +++ b/sepolicy/vendor/thermal-engine.te @@ -1,5 +1,6 @@ allow thermal-engine thermal_data_file:dir rw_dir_perms; allow thermal-engine thermal_data_file:file create_file_perms; +allow thermal-engine sysfs:dir r_dir_perms; allow thermal-engine self:capability { chown fowner }; dontaudit thermal-engine self:capability dac_override; diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index 8d3b1e6..b3d4c00 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -5,4 +5,4 @@ allow vendor_init { tombstone_data_file }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom }; -set_prop(vendor_init, camera_prop) +set_prop(vendor_init, freq_prop) diff --git a/sepolicy/vendor/vndservice.te b/sepolicy/vendor/vndservice.te deleted file mode 100644 index ebc594c..0000000 --- a/sepolicy/vendor/vndservice.te +++ /dev/null @@ -1 +0,0 @@ -type goodixvnd_service, vndservice_manager_type; diff --git a/sepolicy/vendor/vndservice_contexts b/sepolicy/vendor/vndservice_contexts deleted file mode 100644 index 92d3f21..0000000 --- a/sepolicy/vendor/vndservice_contexts +++ /dev/null @@ -1 +0,0 @@ -android.hardware.fingerprint.IGoodixFingerprintDaemon u:object_r:goodixvnd_service:s0 -- cgit v1.2.3
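Review bot: The fingerprint and Mlipay entries in property_contexts change from exact names (`sys.fp.goodix`, `persist.vendor.sys.pay.fido`, ...) to prefixes (`sys.fp.`, `persist.sys.fp.`, `ro.boot.fp.`, `persist.vendor.sys.pay.`), while app.te lets every non-isolated app `get_prop` both `hal_fingerprint_prop` and `mlipay_prop`. Any property later created under those prefixes is therefore readable by all apps by default. Keeping the exact names the denials listed, or adding a comment such as `# prefix match: readable by appdomain, see app.te` above each prefix entry, would make that exposure a deliberate choice. Also, `persist.camera.` moves from `camera_prop` to `vendor_default_prop` and vendor_init.te swaps `set_prop(vendor_init, camera_prop)` for `freq_prop` with no comment; whether `camera_prop` still has users, and where `freq_prop` is declared, is not visible in this diff.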